According to The Onion's Chris Sinchok, the attack started as a series of phishing e-mails to Onion staff members, which included a link to what appeared to be a Washington Post article. The URL was actually a link to a hacked website that redirected to a fake Google Apps login page.

This is why I set my email client to default to plain text mode - this kind of phish attempt sticks out like a sore thumb. If I really want to see all the pretty formatting and pictures, I can change that on the fly for each message. That said, most of the phishing attempts are already flagged by the spam filters before they reach my inbox, so they all just sit in the junk folder until I delete them.

Just for clarification, are we now lumping together all instances of unauthorized access (e.g. phishing) and categorizing them as "hacking"?

That's been the custom for quite a while now; the original meaning (of code hacking) has been long-lost from the general lexicon.

"In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network."

As this case shows, and frankly every case, the largest weakness in a computer network is giving users access to it. Who needs to find some obscure bug, backdoor, or weakness in the software it runs, when a user is willing to just hand over his keys?

Just for clarification, are we now lumping together all instances of unauthorized access (e.g. phishing) and categorizing them as "hacking"?

That's been the custom for quite a while now; the original meaning (of code hacking) has been long-lost from the general lexicon.

Heck, that wasn't even the original meaning.

"Doing something clever" (1950s)
"Doing something clever with computers" (1980s)
"Doing something clever to get into computers you shouldn't be able to get into" (1990s)
"Doing anything to get into computers you shouldn't be able to get into" (2010's)

The etymology of the word "hack" actually dates back to as early as the 1400s or as late as the 1700s, and may derive from either the chopping term (as in "he hacked at the wood with the axe") or the hackney carriage derivation. Hack is used for taxis, riding, for wagons, for falconry, and for writing, as something that was made ready or is used for everyday purpose, and/or hired out for everyday tasks. The etymology is shared for all these terms and differs in particular but all boil down (roughly) to the same word coming from the abbreviation of hackney carriage or wagon to "hack." Hackney became shortened to "hack" for an ordinary horse or carriage, eventually a horse for hire and carriage for hire, and so the term spread.

Crack, of course, or cracker versus hacker, is more akin to safe cracking and obviously comes from the "opening" meaning. This would suggest "hack" was derived from the "cutting," but most evidence from early computer usage of the term suggests it was used to refer to someone who used common tools and hard work as a solution to problems, e.g. "working like a hack" rather than specialized tools or simple, high end professional solutions.

So it's really taxi drivers who should be upset at the usage of hack and hacker as pejoratives for computer crimes. Or perhaps falconry aficionados.

Just for clarification, are we now lumping together all instances of unauthorized access (e.g. phishing) and categorizing them as "hacking"?

That's been the custom for quite a while now; the original meaning (of code hacking) has been long-lost from the general lexicon.

Agreed. It was less of a question than it was a social commentary. Phishing is to "hacking" as worm is to "malware". I suppose this happens when a term shifts from use within the more technical crowd to use by the general public. I can understand the change--language changes all the time--but I'm not particularly a fan of it since, in my dictionary, it's not technically accurate.

What about PGP signing messages with links? Wouldn't that allow you to securely, in-band communicate such issues?

The PGP infrastructure is not practical given the number of devices that a news organization would use. It is also likely to be less secure as it would have to be tightly coupled with their email to be useful.

An out of band solution is much simpler and more secure. This can be as simple as posting messages to a separate secure site whose URL and access credentials are given to employees on paper. If there is an incident, you email to tell people to check for a message, but don't say where or how as only real employees would know this.

You could also do a no tech solution by inventing a secret message (i.e. a message saying that Server25 is going down for maintenance means change your passwords).

What about PGP signing messages with links? Wouldn't that allow you to securely, in-band communicate such issues?

The PGP infrastructure is not practical given the number of devices that a news organization would use. It is also likely to be less secure as it would have to be tightly coupled with their email to be useful.

An out of band solution is much simpler and more secure. This can be as simple as posting messages to a separate secure site whose URL and access credentials are given to employees on paper. If there is an incident, you email to tell people to check for a message, but don't say where or how as only real employees would know this.

You could also do a no tech solution by inventing a secret message (i.e. a message saying that Server25 is going down for maintenance means change your passwords).

Yeah, that'll work. All a hacker then needs to do is look up the office workers' Facebook images for any password information on Post-it notes attached to their monitors. No doubt it'll also have the URL, will be in shot, and will likely also be in focus.

You do know you're trying to make secure people who will, on average, abandon best practices when it adds more than a minute to their day, right?

What about PGP signing messages with links? Wouldn't that allow you to securely, in-band communicate such issues?

The PGP infrastructure is not practical given the number of devices that a news organization would use. It is also likely to be less secure as it would have to be tightly coupled with their email to be useful.

An out of band solution is much simpler and more secure. This can be as simple as posting messages to a separate secure site whose URL and access credentials are given to employees on paper. If there is an incident, you email to tell people to check for a message, but don't say where or how as only real employees would know this.

You could also do a no tech solution by inventing a secret message (i.e. a message saying that Server25 is going down for maintenance means change your passwords).

My first thought is you would be lucky to get half the employees to go to the site. Having an internal robo call system might get a higher percentage to pay attention, as long as you keep the message short and to the point.

The etymology of the word "hack" actually dates back to as early as the 1400s or as late as the 1700s, and may derive from either the chopping term (as in "he hacked at the wood with the axe") or the hackney carriage derivation. Hack is used for taxis, riding, for wagons, for falconry, and for writing, as something that was made ready or is used for everyday purpose, and/or hired out for everyday tasks. The etymology is shared for all these terms and differs in particular but all boil down (roughly) to the same word coming from the abbreviation of hackney carriage or wagon to "hack." Hackney became shortened to "hack" for an ordinary horse or carriage, eventually a horse for hire and carriage for hire, and so the term spread.

Crack, of course, or cracker versus hacker, is more akin to safe cracking and obviously comes from the "opening" meaning. This would suggest "hack" was derived from the "cutting," but most evidence from early computer usage of the term suggests it was used to refer to someone who used common tools and hard work as a solution to problems, e.g. "working like a hack" rather than specialized tools or simple, high end professional solutions.

The online etymological dictionary has a little more detail:

Quote:

hacker (n.) "a chopper, cutter," perhaps also "one who makes hacking tools," early 13c. (as a surname), agent noun from hack (v.1). Meaning "one who gains unauthorized access to computer records" is attested by 1983, agent noun from hack (v.2). Said to be from slightly earlier tech slang sense of "one who works like a hack at writing and experimenting with software, one who enjoys computer programming for its own sake," 1976, reputedly a usage that evolved at Massachusetts Institute of Technology (however an MIT student from the late 1960s recalls hack (n.) being used then and there in the general sense of "creative prank," which clouds its sense connection with the "writing for hire" word, and there may be a source or an influence here in hack (v.1)).

hack (v.3) "to cough with a short, dry cough," 1802, perhaps from hack (v.1) on the notion of being done with difficulty, or else imitative.

hack (n.1) "tool for chopping," early 14c., from hack (v.1); cf. Danish hakke "mattock," German Hacke "pickax, hatchet, hoe." Meaning "an act of cutting" is from 1836; figurative sense of "a try, an attempt" is first attested 1898.

hack (n.2) "person hired to do routine work," c.1700, ultimately short for hackney "an ordinary horse" (c.1300), probably from place name Hackney, Middlesex (q.v.). Apparently nags were raised on the pastureland there in early medieval times. Extended sense of "horse for hire" (late 14c.) led naturally to "broken-down nag," and also "prostitute" (1570s) and "drudge" (1540s). Sense of "carriage for hire" (1704) led to modern slang for "taxicab." As an adjective, 1734, from the noun. Hack writer is first recorded 1826, though hackney writer is at least 50 years earlier. Hack-work is recorded from 1851.

hack (v.2)

Of most interest is the fact that the first attested meaning we have for computer hacker is "one who gains unauthorized access to computer records." There is also oral evidence that the term evolved from "one who works like a hack at writing and experimenting with software, one who enjoys computer programming for its own sake," although this is slightly undercut by the MIT student's comment that "hack" was used in the 60's to mean a "creative prank."

Quote:

So it's really taxi drivers who should be upset at the usage of hack and hacker as pejoratives for computer crimes. Or perhaps falconry aficionados.

I think everyone should be offended because of the connection to "political hack" - i.e., a generally unqualified person hired to fill a job solely due to his political connections.

The SEA chose the wrong outlet for what is essentially correct information.

Joking about their inevitable death doesn't seem to be in terribly good taste, either =/

I agree. (just quoting to keep your post alive).

I assume the hack wasn't an attack on the Onion as such, but more a way to get their message out to a wider audience. It's not like they DDOS'ed the site, defaced it or anything. They sent a political joke out in a format not foreign to the Onion.

---

But well, who cares that the rebels are implementing shariah law in the areas they control, vs. the normal secular rule of religious freedom and equality for women under Assad. Assad is a friend of Iran and enemy of Israel, so let's support the other guys.